CVE-2024-45517

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A Cross-Site Scripting XSS vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. This issue is caused by improper sanitizati...

CVE-2024-45514

An issue was discovered in Zimbra Collaboration ZCS through v10.1. A Cross-Site Scripting XSS vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

Zimbra Collaboration Server 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A reflected Cross-Site Scripting XSS issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and prior versions, whi...

Zimbra Collaboration Server 跨站脚本漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 10.1 and prior versions, which stems from improper cleaning of file contents by th...

CVE-2023-0109

A stored cross-site scripting XSS vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

PT-2024-33668 · Librenms · Librenms +1

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: The application fails to properly sanitize user input, allowing an attacker to execute malicious JavaScript code. This issue occurs when a user with an Admin role adds Notes to a device and the...

PT-2024-16805

Name of the Vulnerable Software and Affected Versions MDaemon Email Server versions prior to 24.5.1c Description An XSS issue was discovered in MDaemon Email Server, allowing a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window by sending an HTML...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability that stems from the presence of a cross-site scripting XSS vulnerability that allows an authenticated...

CVE-2024-52552

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

UBUNTU-CVE-2024-51490

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

UBUNTU-CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.32.0 that stems from a merge function that accepts untrusted user input and uses it directly to create HTML...

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0 Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

Ikhgur mn.ikhgur.khotoch 安全漏洞

Ikhgur mn.ikhgur.khotoch Ikhgur Video Downloader Pro & Browser is a video downloader from Ikhgur. A security vulnerability exists in Ikhgur mn.ikhgur.khotoch Video Downloader Pro & Browser version 1.0.42 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary JavaScri...